Académique Documents
Professionnel Documents
Culture Documents
Overview 1
Lesson: Creating User Accounts 2
Lesson: Creating Computer Accounts 17
Lesson: Modifying User and Computer
Account Properties 26
Lesson: Creating a User Account Template 35
Lesson: Enabling and Unlocking User and
Computer Accounts 42
Lesson: Resetting User and Computer
Accounts 50
Lesson: Locating User and Computer
Accounts in Active Directory 56
Lesson: Saving Queries 66
Lab A: Managing User and Computer
Accounts 71
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Module 2: Managing User and Computer Accounts iii
Instructor Notes
Presentation: This module provides students with the skills and knowledge that they need to
210 minutes create, modify, and manage user and computer accounts on computers running
Microsoft® Windows® Server 2003 in a networked environment.
Lab:
30 minutes After completing this module, students will be able to:
! Create user accounts.
! Create computer accounts.
! Modify user and computer account properties.
! Create a user account template.
! Enable and unlock user and computer accounts.
! Reset user and computer accounts.
! Locate user and computer accounts in the Active Directory® directory
service.
! Save queries.
Required materials To teach this module, you need the following materials:
! Microsoft PowerPoint® file 2274b_02.ppt.
! The multimedia presentation Types of User Accounts.
! The multimedia presentation Introduction to Locating User and Computer
Accounts in Active Directory.
Multimedia
The multimedia files are installed on the instructor computer. To open a
multimedia presentation, click the animation icon on the slide for that
multimedia presentation.
User Account Placement Point out that in most situations, systems administrators work in a predefined
in a Hierarchy Active Directory hierarchy. However, it is important for students to understand
that they must create user accounts in the appropriate containers in the
hierarchy.
User Account Password Open the Properties dialog box for a user account and point out the password
Options options that the administrator can set. The next topic explains when to select the
different options.
When to Require or Emphasize the security impacts of passwords.
Restrict Password
Changes
How to Create User Demonstrate the procedures.
Accounts
Practice: Creating User In this practice, students create user accounts by using different methods.
Accounts
Best Practices for Discuss the recommendations for local and domain user accounts.
Creating User Accounts
Where Computer Because users can create computer accounts when they join a domain, systems
Accounts Are Created in administrators must be aware that those user-created computer accounts exist in
a Domain the Computers container. Depending on the Active Directory design, the
computer accounts may need to be moved to specific organizational units.
Computer Account Explain the implications of the pre-Windows 2000 assignment to a computer
Options account. Describe what it means to assign a computer as a backup domain
controller; emphasize that students should only select this option in a specific
environment.
How to Create a Demonstrate the procedures.
Computer Account
Practice: Creating a In this practice, students create computer accounts by using different methods.
Computer Account
vi Module 2: Managing User and Computer Accounts
What Properties Are in a Discuss the properties that are copied in a user account template.
Template?
Guidelines for Creating Review the guidelines for user account templates.
User Account Templates
Practice: Creating a In this practice, students will create a user account template and then create a
User Account Template new user account based on the template.
Module 2: Managing User and Computer Accounts vii
When to Reset Explain situations that may require the systems administrator to reset a
Computer Accounts computer account.
How to Reset Computer Demonstrate the procedure.
Accounts
Practice: Resetting a In this practice, students will reset the password for a user account.
User Account Password
viii Module 2: Managing User and Computer Accounts
Search Types Suggest that students open the Find Users, Contacts, and Groups dialog box
and explore the drop-down boxes while you discuss the search types.
How to Search for Active This procedure is shown in the multimedia presentation, Introduction to
Directory Objects Locating User and Computer Accounts in Active Directory. You can
demonstrate it again if you feel it is appropriate for the students.
How to Search Using Explain that the interface for common queries enables you to search by using
Common Queries certain attributes that are not available in the Find Users, Contacts, and
Groups dialog box. For example, you can search for user accounts that are
disabled. Demonstrate the procedure.
Using a Custom Query Explain the uses of custom queries.
Practice: Locating User In this practice, students will locate user and computer accounts that meet
and Computer Accounts specific criteria.
Practice: Saving Queries In this practice, students will create a saved query.
Overview
Multimedia: Types of To view the Types of User Accounts presentation, open the Web page on the
User Accounts Student Materials compact disc, click Multimedia, and then click the title of
the presentation.
The Types of User Accounts presentation explains how using accounts that
grant different levels of access to the network satisfy the needs of network
users.
4 Module 2: Managing User and Computer Accounts
User principal logon The user principal name (UPN) consists of the user logon name and the user
name principal name suffix, joined by the at sign (@). The UPN must be unique in
the forest.
The second part of the UPN is the user principal name suffix. The user principal
name suffix can be the Domain Name System (DNS) domain name, the DNS
name of any domain in the forest, or an alternative name that an administrator
creates only for logon purposes. Users can use this name to log on with the Run
as command or on a secondary logon screen.
An example of a UPN is Jayadams@nwtraders.msft.
LDAP relative The LDAP relative distinguished name uniquely identifies the object in its
distinguished name parent container. Users never use this name, but administrators use this name to
add users to the network from a script or command line. All objects use the
same LDAP naming convention, so all LDAP relative distinguished names
must be unique in an organizational unit.
The following are examples of an LDAP relative distinguished name:
! CN=jayadams,CN=users,dc=nwtraders,dc=msft
! CN=computer1,CN=users,dc=nwtraders,dc=msft
6 Module 2: Managing User and Computer Accounts
Note In many cases, one domain will work for a corporate environment. You
can still separate administrative control of users by placing them into
organizational units.
8 Module 2: Managing User and Computer Accounts
Additional Readings For more information about service accounts, see “Services permissions” at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsserver2003/proddocs/server/sys_srv_permissions.asp.
Form more information about changing passwords, see:
! Article 324744, “HOW TO: Prevent Users from Changing a Password
Except When Required in Windows Server 2003,” in the Microsoft
Knowledge Base at http://support.microsoft.com/?kbid=324744.
! Article 320325, “User May Not Be Able to Change Their Password If You
Configure the ‘User Must Change Password at Next Logon’ Setting,” in the
Microsoft Knowledge Base at http://support.microsoft.com/?kbid=320325.
9. Click Next.
10. In the Password and Confirm password boxes, type the user’s password.
11. Select the appropriate password options.
12. Click Next, and then click Finish.
Note A user name cannot be identical to any other user or group name on the
computer being administered. It can contain up to 20 uppercase or lowercase
characters, except for the following:
"/\[]:;|=,+*?<>
A user name cannot consist solely of periods or spaces.
Using a command line Another way to create a domain user account is to use the dsadd command.
The dsadd user command adds a single user to the directory from a command
prompt or batch file.
To create a user account by using dsadd user:
1. Open a command prompt.
2. Type dsadd user UserDomainName [-samid SAMName]
[-upn UPN] [-fn FirstName] [-ln LastName] [-display DisplayName]
[-pwd {Password|*}] Use " " if there is a space in any variable.
Note For the complete syntax of the dsadd user command, at a command
prompt, type dsadd user /?.
Scenario Your manager asks you to create a local user account that will be used to back
up your company’s software. Another department in your organization will
install the software and give the account the user rights needed to back up the
server. You must create a local user account to be used as a service account.
Practice: Creating a
local user account
! Create a local user account
1. Open Computer Management for your local server.
2. Create an account by using the following parameters:
a. User name: Service_Backup
b. Description: Service Account for Backup Software
c. Password: P@ssw0rd
3. Clear the User must change password at next logon check box.
Scenario You will use the Administrator account to perform management tasks. Your
company’s security practices require that you create a personal user account
that you will use to log on to the domain, read and send e-mail, and other
nonadministrative tasks.
You must set up a domain user account for yourself. When you need to perform
administrative tasks, you will either log on as a different user or use secondary
logon credentials. This new account should be created in the nwtraders.msft/IT
Admin/IT Users container.
Practice: Creating a
domain user account
! Create a domain user account
1. Open Active Directory Users and Computers.
2. Add a user account to the IT Users container with the following parameters:
a. First name: Your first name (Example: Misty)
b. Last name: Your last name (Example: Shock)
c. Full name: Your full name (Example: Misty Shock)
d. User logon name: The first three letters of your first name and the first
three letters of your last name (Example: MisSho)
e. Password: Use a password that:
• Is at least seven characters long.
• Does not contain your user name, real name, or company name.
• Does not contain a complete word that is found in the dictionary.
• Contains characters from each of the following four groups.
Group Examples
Uppercase letters A, B, C ..
Lowercase letters a, b, c ..
Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Symbols found on the keyboard ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] /
(all keyboard characters not :";'<>?,.\
defined as letters or numerals)
3. Log off.
4. Test the user account that you just created by logging on by using the user
account.
5. Log off.
Domain user accounts Consider the following best practices when creating domain user accounts:
! Disable any account that will not be used immediately.
! Require users to change their passwords the first time that they log on.
! As a security best practice, it is recommended that you do not log on to your
computer with administrative credentials.
! When you are logged on to your computer without administrative
credentials, it is recommended that you use the Run as command to
accomplish administrative tasks.
! Rename or disable the Administrator and Guest accounts in each domain to
reduce the attacks on your domain.
! By default, all traffic on Active Directory administrative tools is signed and
encrypted while in transit on the network. Do not disable this feature.
Module 2: Managing User and Computer Accounts 17
Note You cannot create computer accounts for computers running Microsoft
Windows 95, Microsoft Windows 98, Microsoft Windows Millennium Edition,
and Windows XP Home Edition, because their operating systems do not adhere
to Active Directory security requirements.
Module 2: Managing User and Computer Accounts 19
Note For the complete syntax of the dsadd user command, at a command
prompt, type dsadd computer /?.
24 Module 2: Managing User and Computer Accounts
Scenario The systems engineers for Northwind Traders are testing some advanced
features of Active Directory. Each member of your team must create five
computer accounts in the IT Test organizational unit.
Module 2: Managing User and Computer Accounts 25
Scenario The systems engineers for Northwind Traders are testing some advanced
features of Active Directory. Each member of your team must create five
computer accounts in the IT Test organizational unit.
Practice: Using a
command line
! Create a computer account by using dsadd
1. Click Start, click Run, and then type runas
/user:nwtraders\ComputerNameAdmin cmd
2. When prompted for the password, type P@ssw0rd and then press ENTER.
3. At the command prompt, type the following command:
dsadd computer "cn=ComputerName005,ou=IT
Test,dc=nwtraders,dc=msft"
26 Module 2: Managing User and Computer Accounts
Using a command line You can use the dsmod command to modify attributes of one or more existing
users or computers in Active Directory. To modify the attributes of a user
account:
1. Open a command prompt.
2. For a user account, type dsmod user UserDN ... [-upn UPN] [-fn
FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-empid
EmployeeID] [-pwd (Password | *)] [-desc Description] [-office Office] [-
tel PhoneNumber] [-email E-mailAddress] [-hometel HomePhoneNumber]
[-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-
iptel IPPhoneNumber] [-webpg WebPage] [-title Title] [-dept Department]
[-company Company] [-mgr Manager] [-hmdir HomeDirectory] [-hmdrv
DriveLetter:] [-profile ProfilePath] [-loscr ScriptPath] [-mustchpwd {yes |
no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-
pwdneverexpires {yes | no}] [-acctexpires NumberOfDays] [-disabled
{yes | no}] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-
c] [-q] [{-uc | -uco | -uci}]
– or –
For a computer account, type dsmod computer ComputerDN ... [-desc
Description] [-loc Location] [-disabled {yes | no}] [-reset] [{-s Server | -d
Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]
Note For the complete syntax of the dsmod command, at a command prompt,
type dsmod user /? or dsmod computer /?.
32 Module 2: Managing User and Computer Accounts
Scenario The systems engineers for Northwind Traders are working on integrating
Active Directory with the payroll system. You must create a user in the IT Test
organizational unit and set user account properties that the payroll system will
use to identify the user. Because this is a test account, you will not mandate the
user to change the password. Also, because the systems engineers will use this
account later, you should disable the account.
Practice: Modify user
account properties
! Create a user account
• In Active Directory Users and Computers, create a user account with the
following parameters:
• First name: ComputerName (Example: London)
• Last name: Payroll
• Full name: ComputerName Payroll (Example: London Payroll)
• User logon name: ComputerNamePayroll (Example: LondonPayroll)
• User logon name [pre-Windows 2000]: ComputerNamePayroll
(Example: LondonPayroll)
• Password: P@ssw0rd
Module 2: Managing User and Computer Accounts 33
Scenario The systems engineers for Northwind Traders want to test your ability to track
and search for computer assets by using the Location property of a computer
account. You must create a computer account in the IT Test organizational unit
and edit the Location property to match your city location.
Practice: Modifying
computer account
! Create a computer account
properties • In Active Directory Users and Computers, create a computer account whose
computer name is ServerComputerName (Example: ServerLondon).
Scenario The systems engineers for Northwind Traders are modifying user accounts with
command-line tools. You must create a user and modify its properties.
Practice: Using a
command line to modify
! Add a user account
user accounts • Using dsadd, add a user account with a user name of
ComputerNameDsmod.
Example: dsadd user "cn=londonDsmod,ou=it test,dc=nwtraders,dc=msft"
34 Module 2: Managing User and Computer Accounts
Scenario The systems engineers for Northwind Traders want to test your ability to track
and search for computer assets by using the Location property of the
Active Directory computer account. You need to create a computer account in
the IT Test organizational unit and edit the Location property to match your
city location.
Practice: Using a
command line to modify
! Add a computer account
computer accounts 1. Click Start, click Run, and then type runas
/user:nwtraders\ComputerNameAdmin cmd
2. When prompted for the password, type P@ssw0rd and then press ENTER.
3. In the command prompt, using dsadd, add a computer account with the
following parameters:
• Computer name: dsmodComputerName
• Organizational unit: IT Test
Additional reading For more information about profiles, see article 324749, “HOW TO: Create a
Roaming User Profile in Windows Server 2003” in the Microsoft Knowledge
Base at http://support.microsoft.com/?kbid=324749.
Form more information about home folders, see article 325853, “HOW TO:
Use Older Roaming User Profiles with Windows Server 2003” in the Microsoft
Knowledge Base at http://support.microsoft.com/?kbid=325853.
38 Module 2: Managing User and Computer Accounts
Scenario Your manager asks you to research the values to be copied from an account
template. You must create an account template with the following parameters,
copy the account to a user account, and document the variables that were copied
and the variables that were not copied.
Practice: creating a user
account template
! Create a user account template
• Create a user account template with the following parameters.
Parameter Properties Example
Scenario You must create accounts for the Telemarketing team at Northwind Traders.
The Telemarketing team has a high turnover of employees. For security
reasons, Northwind Traders does not want to rename and reuse user accounts.
You must create a user account template that meets the needs of the
Telemarketing team.
Practice: copying a user
account template
! Copy the user account template
• Copy the ComputerNameTemplate account that has the following
parameters.
Parameter Properties Example
Note To enable and disable user and computer accounts, you must be a
member of the Account Operators group, Domain Admins group, or the
Enterprise Admins group in Active Directory, or you must be delegated the
appropriate authority. As a security best practice, consider using Run as to
perform this procedure.
Module 2: Managing User and Computer Accounts 45
Using a command line You can also enable or disable accounts by using the dsmod command. As a
security best practice, consider using runas to perform this procedure.
To enable or disable accounts by using dsmod:
1. Open a command prompt with the runas command.
2. Type dsmod user UserDN -disabled {yes|no}
Value Description
By default, domain account lockout attempts are not recorded when unlocking a
workstation (using a password protected screen saver). You can change this
behavior by modifying the Interactive logon: Require Domain controller
authentication to unlock workstation Group Policy setting.
Module 2: Managing User and Computer Accounts 47
Scenario The security policy of Northwind Traders states that the user accounts of
employees going on extended leave must be disabled for the duration of their
leave. This is one of your job tasks. You must create an account in the IT Test
organizational unit, disable the account, and log on as the user to verify that the
account is disabled.
Practice: Disabling a
user account
! Create a disabled user account
• Create a user account with the following parameters:
• Organizational Unit: IT Test
• User name: ComputerNameDisabled
• Password: P@ssw0rd
• The account is disabled
Scenario You have just disabled a user account and verified that the user cannot log on.
You want to verify that there are no other problems with the account, so you
must enable the user account and log on to verify that the user account is
activated.
Practice: Enabling a
user account
! Enable the user account
• Enable the user account that has the following parameters:
• Organizational unit: IT Test
• User name: ComputerNameDisabled
Scenario The systems engineer discovers that the nightly security guard was trying to log
on to the kiosk computer without a domain account. The security guard has
been notified that they should not attempt to log on to the kiosk computer. The
systems engineer wants you to enable the kiosk computer for your city location.
Practice: Enabling a
computer account
! Enable the computer account
• Enable the computer account that has the following parameters:
• Organizational unit: IT Test
• Computer name: ComputerNameKiosk
Practice: Using a
command line
! Disable a user account by using dsmod
• Disable a user account in the IT Test organizational unit by using dsmod.
Example: Dsmod user "cn=London user,ou=it test,dc=nwtraders,dc=msft" -
disabled yes
Additional reading For more information about resetting a domain controller account and resetting
a computer account with a script, see article 325850, “HOW TO: Use
Netdom.exe to Reset Machine Account Passwords of a Windows Server 2003
Domain Controller,” in the Microsoft Knowledge Base at:
http://support.microsoft.com/?kbid=325850.
For more information about how Windows data protection API handles stored
passwords, see “Windows Data Protection” at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/
dnsecure/html/windataprotection-dpapi.asp.
52 Module 2: Managing User and Computer Accounts
Using a command line You can use the dsmod command to reset computer accounts. As a security
best practice, consider using runas to perform this procedure.
1. Open a command prompt by using the runas command.
2. Type dsmod computer ComputerDN –reset
Value Description
Scenario You are notified that a user in your city recently forgot their password. You
have followed company policy and verified the user is who they say they are.
You must reset the password on their account and make them change their
password at next logon.
Practice
! Reset the user account
1. In Active Directory Users and Computer, find the ComputerNameUser
account in the Users organizational unit.
2. Reset the password to P@ssw0rd1 and make the user change the password
at next logon.
3. Close all programs and log off.
Search Types
Find Printers When a shared printer is published in Active Directory, you can use Find
Printers to search for it by using criteria such as its asset number, the printer
language it uses, or whether it supports double-sided printing. After you find
the printer you want, you can easily connect to it by right-clicking the printer in
the Search Results box, and then clicking Connect, or by double-clicking the
printer.
Find Shared Folders When a shared folder is published in Active Directory, you can use Find
Shared Folders to search for it by using criteria such as keywords assigned to
it, the name of the folder, or the name of the person managing the folder. After
you find the folder you want, you can open Windows Explorer to view the files
located in the folder by right-clicking the folder in the Search Results box, and
then clicking Explore.
Find Custom Search In Active Directory, you can search for familiar objects such as computers,
printers, and users. You can also search for other objects, such as a specific
organizational unit or certificate template. Use Find Custom Search to build
custom search queries by using advanced search options or build advanced
search queries by using LDAP, which is the primary access protocol for
Active Directory.
Find Common Queries You can use Find Common Queries to perform common administrative
queries in Active Directory. For example, you can quickly search for user or
computer accounts that have been disabled.
Advanced query options For each search option except Find Common Queries, there is an Advanced
tab that you can use to create a more detailed search. For example, you can
search for all users in a city or zip code from the Advanced tab.
Additional reading For more information about searching Active Directory see “Search Companion
overview” at http://www.microsoft.com/technet/treeview/default.asp?url=/
technet/prodtechnol/windowsserver2003/proddocs/server/find_overview.asp.
60 Module 2: Managing User and Computer Accounts
Using a command line You can use the dsquery command to find users and computers in
Active Directory that match the specified search criteria. If the predefined
search criteria in this command are insufficient, use the more general version of
the command, dsquery *.
To search for a user by using dsquery:
! In a command prompt, type the following:
dsquery user [{StartNode | forestroot | domainroot}] [-o {dn | rdn | upn |
samid}] [-scope {subtree | onelevel | base}] [-name Name] [-desc
Description] [-upn UPN] [-samid SAMName] [-inactive NumberOfWeeks]
[-stalepwd NumberOfDays] [-disabled] [{-s Server | -d Domain}] [-u
UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects] [{-
uc | -uco | -uci}]
Additional reading For more information about LDAP language, see “Listing Properties to
Retrieve for Each Object Found” at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/
netdir/ad/listing_properties_to_retrieve_for_each_object_found.asp.
64 Module 2: Managing User and Computer Accounts
Scenario The systems engineers are bulk importing user accounts into the Users
container. They need you to verify that all Sales Manager user accounts were
successfully imported into Active Directory.
Practice: locating user
accounts by name
! Locate user accounts by name
• Locate user accounts:
• In the Users container in the NWTraders domain.
• With a description of Sales Manager.
Your search should produce approximately 24 Sales Manager user accounts.
Module 2: Managing User and Computer Accounts 65
Scenario The systems engineers are bulk importing computer accounts into the
Computers container. They need you to verify that all computer accounts from
your city location were successfully imported into Active Directory. The
naming convention used to bulk import computer accounts is the first three to
four letters of the city location, followed by Computer and an incremental
number, for example, CasaComputer2005.
Practice: locating
computer accounts by
! Locate computer accounts by name
name • Locate a computer account:
• In the Computers container in the NWTraders domain.
• With a computer name that is the first three letters of your city location.
Your search should produce approximately 101 computer accounts.
Scenario The systems engineers are bulk importing computer accounts into the
Computers container. They need you to verify that all computer accounts from
your city location have been successfully imported into Active Directory. The
naming convention used to bulk import computer accounts is to use the first
three to four letters of the city location, followed by Computer and an
incremental number, for example, CasaComputer2005.
Practice: locating
disabled accounts
! Locate disabled accounts
• Locate user accounts:
• In the NWTraders domain.
• With a description that starts with Sales.
• That are disabled (Do not enable the accounts).
Your search should produce approximately 240 disabled user accounts.
Scenario The systems engineers are bulk importing computer accounts into the
Computers container. They need you to verify that all computer accounts from
your city location were successfully imported into Active Directory. The
naming convention used to bulk import computer accounts is to use the first
three to four letters of the city location, followed by Computer and an
incremental number, for example, CasaComputer2005.
Practice: locating
computer accounts by
! Locate computer accounts by city
city • Locate computer accounts:
• In the Computers container in the NWTraders domain.
• With a computer name that is the first three letters of your city location.
Your search should produce approximately 101 computer accounts.
Scenario You discover that you often search for the same information. You want to save
searches for future use. Create a saved query for a user account. The saved
query must have the following properties:
! The saved query is named ComputerName User Account.
! The saved query is saved in the Users container in the NWTraders domain.
! The City value equals your computer name that equals your computer name.
70 Module 2: Managing User and Computer Accounts
Estimated time to
complete this lab:
30 minutes
72 Module 2: Managing User and Computer Accounts
Exercise 1
Creating User Accounts
In this exercise, you will create two user accounts.
Scenario
You have been given a list of users that need to be added to Active Directory. Find the users on the
list that have an office in your city location and add them to the appropriate organizational unit in
your city organizational unit.
(continued)
Last name, First name City
Exercise 2
Creating Computer Accounts
In this exercise, you will create 10 computer accounts.
Scenario
You are expecting to receive four new laptop computers and five new desktop computers in your
location. A consultant with a user account in the domain will add these computers to the domain.
Northwind Traders policy states that the laptop and desktop computers will be managed by the
administrators of the city organizational unit.
Exercise 3
Searching for and Moving Users Accounts
In this exercise, you will search for users in your city location and move them to the
ComputerName/Users organizational unit.
Scenario
The system engineers at NorthWind Traders have imported user accounts for the entire nwtraders
domain. The system administrators are responsible for searching for the user accounts that have a
city location attribute of their ComputerName and move the account to the Users folder in their
ComputerName organizational unit.
1. Search for user accounts by " Starting point for the search: nwtraders.msft
using the following " Find: Users, Contacts, and Groups
advanced search criteria.
" Field: City
" Condition: Is (exactly)
" Value: ComputerName
Exercise 4
Searching for and Moving Computer Accounts
In this exercise, you will search for computer accounts whose names have the first three letters of
your computer name and move them to your ComputerName/Computers organizational unit.
Scenario
The system engineers at NorthWind Traders have imported computer accounts for the entire
nwtraders domain. The system administrators are responsible for searching for the computer
accounts that have the first three letters of their ComputerName and move the account to the
Computers folder in their ComputerName organizational unit.
1. Search for computer " Starting point for the search: nwtraders.msft
accounts by using the " Find: Computers
following advanced search
criteria. " Field: Computer name (pre-Windows 2000)
" Condition: Starts with
" Value: The first three letters of your computer name
Exercise 5
Searching for and Enabling User Accounts
In this exercise, you will enable user and computer accounts in your city organizational unit.
Scenario
The system engineers at NorthWind Traders have imported user account for the entire nwtraders
domain. The system administrators are responsible for searching user accounts that have a city
location attribute of their ComputerName and then enabling the accounts so that the users can
logon.